STEGANOGRAPHY AND STEGANALYSIS

STEGANOGRAPHY AND STEGANALYSIS
Tayana Morkel
Information and Computer Security Architecture (ICSA) Research Group
Department of Computer Science
University of Pretoria
E-mail: tmorkel@cs.up.ac.za
Can you see the difference?
Since the rise of the Internet one of the most important factors of information technology and
communication has been the security of information. From early times encryption was developed
as a technique for securing the secrecy of communications. Many different methods have been
developed to encrypt and decrypt data in order to keep the message secret. But lately it may not
be enough to keep the contents of a message secret, it may also be necessary to keep the existence
of the message secret. The technique used to implement this is called steganography.
Steganography is not a new technology. It has been in use since ancient Greek times [1] and was
extensively used in World War I and II [2]. Since then the technology has evolved, but the idea
has remained the same, the only difference being that today steganography is mostly used on
computers with digital data being the carriers. Any form of electronic media such as audio files,
image files, and even program files can be used as a carrier file for hidden information.
Images are the most popular carrier file for steganography because of the abundance of images
available on the Internet. Another reason is the fact that the way images are stored creates a great
amount of redundant space which is the ideal place to hide information. Hiding information is
done through a variety of algorithms that embed information, mainly on bit-level.
Secret Steganography
message encode
Sender’s end
Communication
channel
Secret Steganography
message decode
Receiver’s end
Steganography is different from cryptography. Where cryptography focuses on keeping the
contents of a message secret, steganography focuses on keeping the fact that a message exists
secret. Steganography and cryptography are both excellent ways to protect information from
unwanted parties but neither technology alone is perfect and can be broken. The strength of
steganography is thus amplified by combining it with cryptography. First the secret message is
encrypted and then it is embedded into other information.
Research in steganography has mainly been driven by the lack of strength in cryptographic
systems. Many governments have created laws to either limit the strength of a cryptographic
system or to prohibit it altogether [3]. Steganography can be used as an alternative to hide
important information inside another file so that only the intended parties know that a message
even exists. When someone must send a highly sensitive document over the Internet,
steganography can be used to embed this document into another cover medium.
Unfortunately with the good also comes the bad. Because steganography is a technology that
enables users to hide messages from unintended recipients, it can also be used by criminals to
hide messages from authorities. For example, steganography can have an bad influence on the
practice of corporate espionage, where employees can embed sensitive information in a
seemingly harmless document and smuggle it out of the company. There is also a possibility that
criminals can use public domain websites, for example public auction sites, to communicate
through hidden messages. None of these have been provenly used, but the fact that these
possibilities exist makes it necessary to research the methods of detecting steganography. This
method is called steganalysis.
Where steganography focuses on ways to hide information, steganalysis is the technology used to
detect hidden information. Steganographic algorithms sometimes leaves a signature in the file
that is encoded. With this knowledge some secret messages can be extracted.
For example: A digital image consists of a grid-type structure of pixels. Each pixel in turn
consists of a series of bits to define what the color of that pixel should be. If one where to change
the least significant bit (LSB) of a pixel the human visual system would not be able to detect the
change. Many steganographic algorithms use this technique.
The image on the left does not have any information embedded in it, while the image on the right
uses the least significant bit methods to encode secret information. As one can see there is no
visual difference between the two. When putting both images through a program that enhances
the least significant bits of the image, the results are as follows:
The effect that the changes in the least significant bit has on the image can clearly be seen when
looking at the embedded image. When one now knows that steganography has been used on this
image, one can take further steps to extract the information.
List of references
[1] Johnson, N.F., Steganography, http://www.jjtc.com
[2] Krenn, R., Steganography and Steganalysis, http://www.krenn.nl/univ/cry/steg
[3] Dunbar, B., Steganographic techniques and their use in an Open-Systems environment,
SANS Institute 2002
[4] Chandramouli, R., A mathematical approach to steganalysis, Proceedings of SPIE
security and watermarking of multimedia contents IV, January 2002
[5] Kessler, G. C., An Overview of Steganography for the Computer Forensics Examiner,
Forensic Science Communications Volume 6 Number 3, July 2004
[6] Silman, J., Steganography and Steganalysis: An Overview, SANS Institute 2001